7 Questions to ask Cloud HR Software Vendors

By Published April 14, 2017
Cloud HR Software

The emergence of cloud computing is not new, but its implementation was relatively faster than expected. With every passing year cloud-adoption graph is getting bigger overlooking the very fact of cloud security and how comfortable are people in using such tools. HR industry is no exception where growth rate is exponentially high in adopting new cloud HR software including both pre-hire and post-hire domain. However, the primary concern among business leaders and HR heads is “How secure is the cloud migration”?

Cloud HR Software

First time in the history, organisations today find themselves equipped with three generations working together – Baby Boomers, Millennials and Generation Y. Therefore, every generation is battling with their dilemma of embracing new technologies. Simultaneously, handful information on cloud migrations benefits, drawbacks, and risks making it harder for Baby Boomers and Millennials (to some extent) to welcome the cloud computing and SaaS (Software as a Service) models with open arms.

In the following blog, let’s discuss few questions that must be enquired from cloud HR software vendors beforehand.

7 Must-Ask Cloud Security Questions

Patrick Eijkenboom, Vice President Global Software, suggested in one of the publications that organisations must take a measured approach before investing in any cloud HR software. The best advice for business leaders is not to get caught up in the rush and hype to put everything in the cloud.

However, when it comes to cloud security consider the following seven questions:

1. What is the size of your organization?

It is apparent that the size of the organization has greater implications on concerned security issues. For medium to large enterprise, there is a more lean approach towards more private HR cloud software adoption. For smaller businesses, operating on SaaS model can often be a more secure way to manage by migrating all systems into a common structured framework.

2. How does the cloud migration transform organisation’s risk profile?

A deployment of cloud computing in general – whether public or private – means you are no longer in complete control of data, environment, and people. It is important to understand that change in control affects the security – sometimes a decrease in risk and some cases increase in risk.

Therefore, it is imperative to ask HR cloud software vendor about the level of transparency they intend to provide including, integration with an existing system, advanced reporting and more.

Eventually, the data and its sensitivity level will command what sort of cloud is implemented, or SaaS model is truly a practical choice.

3. What security standards Cloud HR software vendors are using?

Within the cloud computing environment, the interoperability among services plays a significant role. It ensures the prevention of proprietary security silos once the systems are migrated to the cloud.

For instance, when there is single sign-on access to multiple clouds then possible security standards must include, OAuth, OpenID, SAML, CSA outputs and WS-Federation and WS-Trust.

A detailed conversation is necessary between cloud vendor and CIO (Chief Information Officer) before making any final decision.

4. What has compliance certifications the Cloud Software vendor earned?

Compliance with industry regulations and standards is another important aspect of judging the level of security selected cloud vendor is capable of delivering. Ask to see certifications and copies of audits performed by the provider that validate their current compliance. Be it for, Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standards (PCI DSS) or any other of the several of regulations your company must meet before the migration.

5. How to ensure only appropriate data is migrated into the cloud?

Developing the right security model based on the sensitivity of the information is critical to decide what could be moved to the cloud. This process should be initiated long before the cloud migration as it is an integral part of good security practices. Most organizations make efficient use of data leakage protection technology to classify and tag data.

6. What sort of data encryption policies vendor have in place?

It is important to learn your vendor’s approach to data encryption. Most big cloud storage providers including iCloud and Dropbox offers end-to-end encryption. The idea is to protect the file or data during transfer.

Encryption Key Management is a part of the vendor’s encryption policy. The organization can use the third party to do encryption as a service. However, in such case ensure the encryption keys are rotated and protected on a regular basis. Alternatively, which is also recommended option is organization should manage the encryption keys themselves and encrypt their data before sending to the vendor.

7. What is vendor’s Disaster Recovery Plan?

While most organisations using the cloud as their data backup strategy or opting for DRaaS (Disaster Recovery as a Service), they become progressively dependent on vendor’s capability to protect their data. Companies make certain that preferred cloud HR software vendor must have appropriate plans in place for data loss or breaches.

Ask questions like, where the data will reside in the case of any catastrophic failure to get a clear picture of their disaster recovery plan.

This is a critical element of overall cloud migration agreement with the vendor and must be managed on the individual basis. Both the organization and provider must meet breach notification policies. As the need arises, the vendor should adept of supporting reporting requirements.

The Final Word

Migrating to a cloud platform is not something to jump into without careful considerations. These are just a few of most important questions that merely scratched the surface on cloud security essentials. Understanding cloud migration challenges and risks thoroughly can lead to a robust platform that delivers improved productivity and cost savings.

( 113 visits)

Related posts: